How VRRP Works
The advantage of using VRRP is that you gain a higher availability for the default path without requiring configuration of dynamic routing or router discovery protocols on every end host.
VRRP routers viewed as a redundancy group share the responsibility for forwarding packets as if they owned the IP address corresponding to the default gateway configured on the hosts. At any time, one of the VRRP routers acts as the master, and other VRRP routers act as backup routers. If the master router fails, a backup router becomes the new master. In this way, router redundancy is always provided, allowing traffic on the LAN to be routed without relying on a single router.
A master always exists for the shared IP address. If the master goes down, the remaining VRRP routers elect a new master VRRP router. The new master forwards packets on behalf of the owner by taking over the virtual MAC address used by the owner.
When implemented in your network, VRRP interprets any active link to a subnet to indicate the router has access to the entire subnet. VRRP leverages the broadcast capabilities of Ethernet. Provided that one of the routers in a VRRP configuration is running, ARP requests for the IP addresses assigned to the default gateway always receive replies. Additionally, end hosts can send packets outside their subnet without interruption.
Configuration Examples
This sections describes and illustrates three VRRP configuration examples. They include:
- Basic VRRP Configuration
- Commonly Used VRRP Configuration
- VRRP Configuration Without the Real Address Owner
Basic VRRP Configuration
As Figure 30 shows, the basic VRRP configuration uses a single VRID (VRID 1). Because R1 is the address owner, it serves as the master router. Router R2 is the backup router. The four end hosts on subnet 1 are configured to use 10.0.0.1/8 as the default router. IP address 10.0.0.1 is associated with VRID 1.
In this example, if R1 becomes unavailable, R2 takes over VRID 1 and its associated IP addresses. Packets sent to IP destinations outside the 10.x.x.x subnet using 10.0.0.1 as the router are then forwarded by R2. Even though R2 assumes R1's forwarding responsibilities, it may or may not process any packet with destination address (DA) 10.0.0.1, depending on the accept-data configuration. When R1 becomes active again, it takes over as the master router and R2 reverts to the backup router.
The VRRP MAC address is always 00-00-5e-00-01-vrid. The valid VRID range is 0x01–0xFF.
Commonly Used VRRP Configuration
Figure 31 shows two physical routers backing up each other through VRRP. Routers R1 and R2 are both configured with VRID 1 and VRID 2. In this configuration, under normal circumstances the routing load is distributed between the two routers.
VRRP Configuration Without the Real Address Owner
Figure 32 is noticeably similar to Figure 31 except that the addresses configured by the VRIDs have no real owner. Consequently, both routers R1 and R2 are configured as backup routers for VRID 1, VRID 2, VRID 3, and VRID 4.
Assuming that preemption is enabled, the router that is configured with the highest priority for each VRID becomes the master router. If priorities are the same, the router that has the highest primary address becomes the master router.
This configuration shows how the address owner does not necessarily need to exist under VRRP, and all PCs can reach destinations outside of their network through the current master VRRP router. Depending on the accept-data configuration, the PCs may even be able to ping their default gateway.
The election protocol specified in VRRP uses IP multicast packets to provide the router with redundancy. Therefore, VRRP can operate over a variety of multiaccess LAN technologies that support IP multicast. It is important to remember that there is always one master router for an IP address shared by the redundancy group.